You may be wondering why a financial services company would need a SOC 1 report. Well, in today’s financial services landscape, trust is currency—and transparency is the key to earning it.

HITRUST Certification is a globally recognized program that validates an organization’s compliance with the HITRUST Common Security Framework (CSF). An alternative to obtaining a HITRUST CSF Certification is the SOC 2 + HITRUST report, which serves as a collaboration between HITRUST and the AICPA.

Generational differences speak loudly in today’s workplace as one of the main reasons for conflict at work.

Executive Summary Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization environments, and/or “standard” image-based cloud deployments at Amazon or Microsoft. With that comes opportunity for deployment engineers, but also challenges for security and compliance professionals. This post provides you with some perspective on technical architecture for Docker and specific use cases for configuring Docker containers for PCI compliance. Where I could, I provide screenshots and examples for a test Docker environment created for this purpose.

Codifying Your Configuration Standards If you have already gone through a PCI DSS, SOC, HIPAA/HITECH, or ISO assessment, you already know that detailed configuration standards are a must. If you haven’t been through one of these assessments …get ready for some serious typing!

We all have our own ways of creating our perfect work environment.

At some point in life, we all need advice and being a mentor is a meaningful way to provide it. Mentoring not only empowers others but also ourselves.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was created to best uphold the fundamental personal information rights of individuals and further unify the member states of the EU in their endeavor to manage and protect data. The GDPR’s predecessor, the Data Protection Directive (the Directive) was in place to afford similar protections to data subjects. However, since the Directive’s adoption in 1995, we’ve seen tremendous changes to the technology landscape and a constancy of cross-boarder data transfers, and we’ve recognized that the protections offered through the previous legislation were antiquated and obsolete. With the introduction of the GDPR, individuals have been empowered like never before, and organizations bound to the new framework are starting to feel the weight of that.